Method and system for transmission of confidential data

ABSTRACT

In a system for the transmission of confidential data between a transmitter1) and a receiver (3), the transmitter (1) transmits a standard key E to the receiver (3). The standard key E preferably is a random number generated within the transmitter (1). An element at the location of the transmitter (1) calculates an intrinsic key R 1  for coding the data to be transmitted, and an element at the location of the receiver calculates an intrinsic key R 2  for decoding the data. The calculation of each of the intrinsic keys R 1  and R 2  is accomplished in each case by a microprocessor (4&#39; and 5&#39;) situated within a portable object (4 and 5) which also includes a memory (4&#34; and 5&#34;) storing a program, a secret code S, and an identification code I n . The intrinsic keys R 1  and R 2  are each calculated as a function of the secret code S, the identification code I n , and the standard key E. The portable objects at the transmitter and receiver ends of the system must be matched.

This is a continuation of application Ser. No. 657,470, filed Oct. 4,1984, now abandoned, which is a continuation of Ser. No. 235,505, filedFeb. 18, 1981, now abandoned.

BACKGROUND OF THE INVENTION

The present invention relates to a method and system for transmission ofconfidential data. The present invention is related to the invention towhich commonly-assigned copending application Ser. No. 200,785, filedOct. 27, 1980, by Robert J. L. Herve, and entitled "SYSTEM AND PROCESSFOR IDENTIFICATION OF PERSONS REQUESTING ACCESS TO PARTICULARFACILITIES" is directed, the entire disclosure of which is herebyexpressly incorporated by reference.

More particularly, the invention relates to systems in which data aretransmitted in the form of messages represented in a binary code, aswell as in other forms. These messages are coded by means of a codingkey upon transmission, and then decoded for restoration to theiroriginal clear form upon being received. These systems have at least twodisadvantages. The first is the mathematical function enabling decodingof the coded message must be strictly the inverse of the functionenabling the message to be encoded. The safety of these systems residesmainly in the fact that the functions applied are complex.

The second disadvantage is the credibility of these systems is assuredonly if the keys may be easily altered in the course of time, whichimplies organizing confidential message transmission services fordispatching the keys to the users of the transmission system.

SUMMARY OF THE INVENTION

The present invention seeks to eliminate these and other disadvantagesby providing for utilization of two separate coding keys. The first is astandard key E transmitted directly in clear from the transmitter to thereceiver. The second is an intrinsic key R calculated simultaneously atthe transmitter and the receiver locations. The intrinsic key R is afunction of the standard key E, of an identification code I_(n) linkedwith the message which is transmitted, and of a secret code S stored intwo devices situated at the transmitter and receiver respectively, or atthe transmitter and receiver locations. The intrinsic key R₁ calculatedat the transmitter location is used for encoding the messagetransmitted, and the intrinsic key R₂ calculated at the receiverlocation is used to decode the coded message transmitted.

If the calculating function employed at the transmitter and receiverlocations is the same and if the secret code S stored at these locationsis the same, the intrinsic keys R calculated are identical. Under theseconditions, all that is needed is to utilize, at the transmitter andreceiver locations, an operator which allows of simultaneous encoding ofthe message by means of the intrinsic key R₁ calculated upontransmission and decoding by means of the intrinsic key R₂ calculatedupon reception. These coding and decoding operations may easily beperformed by means of logic circuits of the combinatory type, forexample EXCLUSIVE-OR circuits.

The system of the invention makes it possible to perform constantmodification of the intrinsic keys R calculated at the transmitter andreceiver locations by random alteration in the course of time of thevalue of the standard key E.

According to another feature of the invention, the calculation of eachof the intrinsic keys R at the transmitter and receiver locations isaccomplished in each case by a processor situated within a portableobject which also comprises a memory wherein is stored a program p forcalculation of the function for determining the intrinsic key R as afunction of the secret code S also stored in the memory, of the standardkey E, and of the identification code I_(n) linked with the message.These portable objects are each placed at the disposal of the personsentrusted with transmitting and receiving the messages.

The system may then operate only if both persons have strictly matchedportable objects, which amounts to saying, for example, that theprocessing units must be actuated by the same program p and that thememories must contain the same secret code S. It is obvious that afraudulent person lacking both the program p and the secret code S willbe unable to calculate the intrinsic key R enabling him to decode themessage transmitted. His task becomes ever more difficult since thesystem alters the standard key E in a random manner with each clockpulse.

According to another feature of the invention, and for the purpose ofincreasing the security of the system in a practically absolute manner,each portable object of the system contains within its memory a table ofthe identification codes I_(n) related to the messages which each personwill be authorized to transmit and receive.

The identification code related to the message contained in the memoriesof the portable objects are located or "pointed" to by addressgenerators at the transmitter and receiver locations. These addressgenerators establish correspondence between the identification codeI_(n) linked with the message and the address of the identification codeI_(n) contained in the memory of the portable object. The messagetransmission may then only occur correctly if the address generator andthe portable objects have been able to establish the identity of theidentification code I_(n) related to the message.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will now be further described by way of example, withreference to the accompanying drawings, in which:

FIG. 1 illustrates the arrangement of one embodiment of a dataprocessing system in accordance with the invention;

FIG. 2 is an illustration of one of the address generators of FIG. 1;

FIG. 3 is an illustration of one of the sequencers of FIG. 1; and

FIG. 4 illustrates the combinatory circuit utilized in the coding anddecoding operations.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The system illustrated in FIG. 1. comprises a transmitter 1 and areceiver 3 interconnected by a transmission line system 2. Thetransmitter 1 and receiver 3 are adapted to be coupled temporarily toportable objects 4 and5 comprising, respectively, processing means inthe form of microprocessors4' and 5', as well as memories or storagedevices 4" and 5". Portable objects of this kind are described incommonly-assigned Ugon U.S. Pat. No.4,211,919, issued July 8, 1980, andentitled "PORTABLE DATA CARRIER INCLUDING A MICROPROCESSOR", the entiredisclosure of which is hereby expressly incorporated by reference.

The storage devices 4" and 5" of the portable objects 4 and 5 aredivided into at least three sections. The first is a secret sectioncontaining a secret code S which is written when the portable object 4or 5 is initialized. The secret code S may thereafter be read only bythe processor 4' or 5' of the portable object 4 or 5 itself, and cannotin anyevent be read from the outside.

The second section contains the identification codes I_(n) related tothemessages which the bearer of the object is authorized to transmit orreceive. The writing of the identification codes I_(n) in the secondmemory section may be protected for reasons of security by a key codeunknown to the bearer of the portable object.

The third section contains a program p whose task is to calculate anintrinsic key R from the codes S, I_(n) and from a standard key E. Thisis summarized by the formula R=p(S,I_(n),E). Once written, the programpcannot be altered and may advantageously be contained in a read-onlymemory(ROM).

While in no way intended to limit the scope of the invention, theinformation stored in the memories 4" and 5" and operated on by theprocessors 4' and 5' may be that which is disclosed in theabove-identified commonly-assigned Herve application Ser. No. 200,785,filed Oct. 27, 1980, as is repeated below in the following specificexample.

First, the data words have the following lengths in this specificexample: The identification code I_(n) is 32 bits long; the standard keyE is also 32 bits long; and the secret code S is 64 bits long. Theresult of the computation, the intrinsic key R, is 64 bits long.

The computation effected by the instructions comprising the storedprogram p executed in the microprocessors 4' and 5' has the followingthree overall steps:

(1) First, an intermediate result, R₁, is calculated by concatenating Ewith I_(n) ·R₁ =(E, I_(n)).

(2) Second, another intermediate result, S₁, is calculated by anEXCLUSIVE-OR operation of R₁ with S. S₁ =R₁ ⊕S.

(3) Third, the result, R, is calculated by multiplying S with S₁ withR₁, modulo 2⁶⁴ -1. R=S×S₁ ×R₁, modulo 2⁶⁴ -1.

This computation can be performed in a microprocessor carried on a cardsuch as is disclosed in the above-referenced Ugon U.S. Pat. No.4,211,919.By way of example, a suitable commercially-available memorydevice which may be employed as the memories 4" and 5" is a Mostek TypeNo. MK4022. Similarly, the microprocessors 4' and 5' may each comprisean Intel Type No. 8080 or an Intel Type No. 8085.

The following lists one form of machine-language program which may beemployed as the programs p. This program listing assumes that registersdenoted A, B, C, D and T (not shown) are available:

EXAMPLE PROGRAM LISTING

    ______________________________________    Instructions    Comments    ______________________________________    001 Load I.sub.n →A                    Load registers A, B and C with                    the parameters I.sub.n, E, S    002 Load E→B    003 Load S→C    004 MOV B→A                    Concatenate E with I.sub.n to                    generate R.sub.1, and leave in                    register A    005 MOV A, T    Also store R.sub.1 in register T    006 X CT        S.sub.1 = R.sub.1 ⊕ S, to T    007 MUL (T C)   S × S.sub.1 to T    008 MUL (T A)   R = S × S.sub.1 × R.sub.1 to T    009 Load 2.sup.64 - 1→D                    Load value 2.sup.64 - 1 into                    register D    010 COMP (T, D) if R ≧ 2.sup.64 - 1    011 IF (1)      return to 1    012 END    ______________________________________

The particular transmission line system 2 employed is not importantinsofaras the present invention is concerned, and may be selected asdesired from among available forms of transmission line systems such asthose using an electric cable, or an optical, acoustic, magnetic orradio wave connection.

The FIG. 1 transmitter 1 comprises a coding device 7, a first addressgenerator 8, a random number generator 9, and a sequencer S₀ 10.

The FIG. 1 receiver 2 comprises a decoding device 11, a second addressgenerator 12, and a sequencer S₁ 13.

The address generators 8 and 12 are described in detail hereinbelow withreference to FIG. 2. The sequencers S₀ 10 and S₁ 13 are described indetail hereinbelow with reference to FIG. 3.

The portable objects 4 and 5 may be coupled temporarily to thetransmitter 1 and to the receiver 3 by respective coupling means C₁ andC₂.

The coding device 7 receives, at its input 1, the message in clear 6which is to be coded and, at its input 2, the intrinsic coding key R₁. Amessage g(M,R) is coded by the device 7 and transmitted from the device7 output 3 via the transmission line 2 to the decoding device 11input 1. The message g(M,R) is then decoded by the device 11 by virtueof receptionat its input 2 of the intrinsic decoding key R₂. The messagethen appears in clear at device 11 output 3 and is displayed at 14. (Thecodingdevice 7, the decoding device 11, and the form of encoded messageg(M,R) are described in detail hereinbelow with reference to FIG. 4.)

The intrinsic coding key R₁ is calculated and supplied by the processor4' of the portable object 4. Similarly, the intrinsic decoding key R₂ iscalculated and supplied by the processor 5' of the portableobject 5.

The first address generator 8 calculates the address (Adv) of theidentification code I_(n) of the message situated in the memory 4" ofthe portable object 4 from the identification code I_(n) linked to themessage in clear 6 and transmits this address via its output 2 to thedataand address bus of the portable object 4 (see commonly-assigned UgonU.S. Pat. No. 4,211,919), via the coupling means C₁. The first addressgenerator 8 is reset to an initial state by the signal RAZ transmittedto its input 3 via the output 2 of the sequencer S₀ 10, and isactivatedby clock signals H₀ transmitted to its input 4 via the output 1of thesequencer S₀ 10. The sequencer S₀ 10 is energized by a STARTsignal as soon as a message is transmitted to the input E₂(identification code I_(n) with message in clear 6) of the transmitter1.

The system of the invention makes it possible to perform constantmodification of the intrinsic keys R calculated in the processors 4' and5' associated respectively with the transmitter 1 and receiver 3 byrandomalteration of the standard key E as a function of time.Specifically, the standard key E is generated by a random numbergenerator 9 which may comprise a simple ring counter. The generator 9supplies a random number forming the standard key E in bit serial formas clock signals H₀ transmitted by the sequencer S₀ 10 are input to therandom number generator 9. This random number forming the standard key Eis transmitted from the output 2 of the generator 9 to the respectiveinputs of the portable objects 4 and 5 via their coupling devices C₁ andC₂.

In the same way as for the first address generator 8 in the transmitter1, the second address generator 12 in the receiver 3 is supplied at itsinput1 with the identification code I_(n) (transmitted to it via thetransmission line system 2) so that it may calculate and deliver at itsoutput 2 the address of the corresponding identification code I_(n) inthe memory 5" of the portable object 5. This address generator 12 isresetto an initial state by the signal RAZ applied to its input 3 by thesequencer S₁ 13, and is activated by a clock signal H₁ fed to its input4 by the sequencer S₁ 13. The sequencer S₁ 13 is energized via its input3 as soon as a message is transmitted via the transmission line 2.

With reference now to FIG. 2, there is shown one embodiment of anaddress generator suitable for use as the address generators 8 and 12 ofFIG. 1. The FIG. 2 address generator comprises a memory 15 which may forexample be either a Random Access Memory (RAM), a Programmable Read OnlyMemory (PROM), or an Erasable Programmable Read Only Memory (EPROM).This memory 15 contains a table of all identification codes I₀ throughI_(n) ofthe messages which the system is authorized to transmit.

The memory 15 is addressed by means of an address counter 16. Thisaddress counter 16 is stepped by means of the clock signal H applied atthe input 4 of the address generator, and is reset to zero by the signalRAZ appliedat the input 3 of the address generator.

The address counter 16 determines the address of the identification codeI_(n) contained in the memory 4" or 5" of the portable object 4 or 5andcorresponding to the message 6 which is to be transmitted. Thisdetermination is performed by an identification code register 18 and acomparator 19. The identification code I_(n) accompanying the message 6which is to be transmitted is fed into the identification register 18,after which the address counter 16 progresses at the rate of the clock Hso as to address and read the identification codes I_(n) contained inthe memory 15. The identification codes I_(n) are thus presentedsuccessively at an input of the comparator 19 which compares them to theidentification code contained in the identification code register 18.

If correspondence is established by the comparision, progression of theaddress counter 16 is stopped by application of the signal HIT toaddress counter 16 input 4, the signal HIT being supplied by output 3 ofthe comparator 19. At the same time, the contents of the address counter16 (representing the address of the location within the portable object4 or 5 of the identification code I_(n) of the message which is to betransmitted) is transmitted via an AND gate 20 (activated at its input 1by the signal HIT) as a signal ADV to the output 2 of the addressgenerator.

Similarly, with reference now to FIG. 3, an embodiment of a sequencersuitable for use as the sequencers S₀ 10 and S₁ 13 of FIG. 1 is shown.The FIG. 3 sequencer comprises a clock 21, an RS flip-flop 22, an ANDgate 23, a ring counter 24, and a decoder 25. An input of the AND gate23receives the clock signals coming from the clock 21, these signalsbeingretransmitted at the AND gate 23 output towards the output 1 of thesequencer when the other input of the gate 23 is activated via the Qoutput of the flip-flop 22. The Q output of the flip-flop 22 assumes alogic high state (binary "1") when it is triggered at its Set input (S)bythe START signal applied to the input 3 of the sequencer. This STARTsignalmay comprise a particular bit of the identification code I_(n)accompanying the message 6 which is to be transmitted. The signal H istransmitted to the input of the ring counter 24 of which a particularstate is decoded by the decoder 25 to reset the flip-flop 22 to the zerostate and to deliver the RAZ signal at the output 2 of the sequencer.

With reference now to FIG. 4, there is shown a combinatory circuit suchas may comprise both the FIG. 1 coding device 7 and the FIG. 1 decodingdevice 11. As shown, the FIG. 4 circuit comprises EXCLUSIVE-OR logicgates. In operation, upon transmission, a bit M_(i) of the message tobetransmitted and a bit R_(i) of the intrinsic key are applied,respectively, to an input of an EXCLUSIVE-OR circuit in such manner thatthe resulting combination satisfies the Boolean logic equation S_(i)=M_(i) ⊕R_(i). Upon reception, decoding is performed by also employingan EXCLUSIVE-OR circuit. The signals S_(i) and R_(i) are applied to twoof its inputs in such manner as to restore the bits M_(i). The equationfor the restored M_(i) is M_(i) =S_(i) ⊕R_(i).

The example of FIG. 4 shows an embodiment of a coding circuit for amessageM and an intrinsic key word R each of three bits. TheEXCLUSIVE-OR gates 26, 27 and 28 deliver the signals S₁ to S₃ asfollows:

    S.sub.1 =M.sub.1 ⊕R.sub.1

    S.sub.2 =M.sub.2 ⊕R.sub.2

    S.sub.3 =M.sub.3 ⊕R.sub.3

Similarly, for decoding, EXCLUSIVE-OR gates deliver the signals M₁ to M₃of the restored message M as follows:

    M.sub.1 =S.sub.1 ⊕R.sub.1

    M.sub.2 =S.sub.2 ⊕R.sub.2

    M.sub.3 =S.sub.3 ⊕R.sub.3

The restored message is thus identical to the original message,regardless of the specific message and the specific intrinsic key R, solong as the same intrinsic key R is used for both coding and decoding.

In summary, the operation of the system for transmission of coded datain accordance with the invention is as follows:

The appearance of the message in clear 6 at the inputs E₁ and E₂ of thetransmitter 1 causes the triggering of the respective address generators8 and 12 of the transmitter 1 and the receiver 3, as well as oftherandom number or standard key E generator 9. The identity of the messageis recognized by the respective address generators 8 and 12 which thentransmit to the portable objects 4 and 5 the address (ADV) of thecorresponding identity code I_(n) in the portable objects 4 and 5. Theintrinsic keys R₁ and R₂ are then calculated by the processors 4' and 5'of each of the portable objects 4 and 5 by means of a function R_(x)=p(E,S,I_(n)), one example of which is given hereinabove. If theportableobjects 4 and 5 are of the same nature, that is if each contains thesame program p, the same code S and the same identification code I_(n),the calculated intrinsic standard keys R₁ and R₂ are then the same. Theinstrinsic key R₁ is applied to the coding device 7 in the transmitter1, and the intrinsic key R₂ is applied to the decoding device 11 in thereceiver 3. The restored message received at 14 is then identical to thetransmitted message in clear 6.

The example which has been given of a perferred embodiment of theinventionis not in any way intended to limit the scope of the invention,as it is understood that any one skilled in the art well acquanted withdata transmission techniques will be able to envisage other embodimentsof the invention without thereby exceeding its scope.

What is claimed is:
 1. A method for transmission of confidential databetween a transmitter and a receiver connected by a transmission linesystem, the transmitter including a coding device and the receiverincluding a decoding device, said method comprising:generating a firstkey and transmitting the first key to the receiver; calculating in afirst portable electronic object coupled to the transmitter a second keyfrom a first code stored in the first portable electronic object, from asecond code related to the data to be transmitted and which identifiesdata authorized to be transmitted by a bearer of the first portableelectronic object, and from the first key; transmitting the second codeto the receiver; coding at the transmitter the data to be transmittedwith the second key; calculating at the receiver, in a second portableelectronic object coupled to the receiver, a third key using the firstkey and the second code and a third code stored in the second portableelectronic object; and decoding the data received with the third keycalculated at the receiver.
 2. A method for transmission of confidentialdata according to claim 1, wherein the second coding and third decodingkeys calculated at the transmitter and receiver locations are the same.3. A method for transmission of confidential data according to claim 1,wherein the first key generated and transmitted by the transmitter tothe receiver is a random number.
 4. A system for transmission ofconfidential data between a transmitter and a receiver interconnected bya transmission line system, the transmitter and receiver respectivelyincluding a coder and a decoder of the data transmitted, said systemcomprising:random number generator means included in the transmitter forgenerating a random number and for transmitting the random number to thereceiver; first and second processing means for calculating at thetransmitter and the receiver locations, respectively, a coding key and adecoding key; means located at the transmitter for supplying the codingkey to said coder for encoding the data transmitted; and means locatedat the receiver for supplying the decoding key to said decoder fordecoding the data received, the first and second processing meanscomprising first and second portable electronic objects adapted to bedetachably coupled to the transmitter and to the receiver, respectively,and wherein said processing means each include means for calculatingsaid keys as a function of the random number, a first code stored withinsaid portable electronic objects, and a second code which is related tothe data and which identifies data authorized to be transmitted by abearer of the first portable electronic object.
 5. A system fortransmission of confidential data between a transmitter and a receiveraccording to claim 4, wherein said portable electronic objects eachinclude:a storage device containing the first and second codes and aprogram; coupling means adapted for connection to the transmitter orreceiver for receiving the randon number; and the processing means isconnected to the coupling means and to said storage device forcalculating said coding and decoding keys, by execution of the program,the calculating means comprising said program.
 6. A system fortransmission of confidential data between a transmitter and a receiveraccording to claim 5, wherein the first code stored within said portableelectronic objects is unknown even to the bearers of said objects and isprotected against external readout.
 7. A method for transmission ofconfidential data between a transmitter and a receiver connected by atransmission line system, the transmitter including a coding device andthe receiver including a decoding device, said method comprising:causingthe transmitter to generate a first key and to transmit the first key tothe receiver; and calculating as a function of at least the first key asecond key at the transmitter location for coding the data to betransmitted, and calculating as a function of at least the first key athird key at the receiver location for decoding the data received, saidcalculating being performed in first and second portable electronicobjects detachably coupled to the transmitter and to the receiver,respectively, and wherein said calculating steps comprises, in eachportable electronic object, producing using the first key and a firstcode a first intermediate result, combining modulo 2 the firstintermediate result with a second code to produce a second intermediateresult, and multiplying the second intermediate result by the secondcode, module 2^(n) -1, where n is an integer corresponding to a numberof bits which comprises the second code.
 8. A method for transmission ofconfidential data according to claim 7, wherein the intrinsic coding anddecoding keys calculated at the transmitter and receiver locations arethe same.
 9. A method for transmission of confidential data according toclaim 8, wherein the first key comprises a random number, and the secondcode comprises a code stored in said portable electronic objects whichis unknown to a bearer of said portable electronic objects and which isprotected against external readout.
 10. A system for transmission ofconfidential data between a transmitter and a receiver interconnected bya transmission line system, the transmitter and receiver respectivelyincluding a coder and a decoder of the data transmitted, said systemcomprising;means included in the transmitter for generating a first keyand for transmitting the first key to the receiver; first processingmeans located at the transmitter for calculating a coding key as afunction of the first key for encoding the data and for supplying thecoding key to the coder; and second processing means located at thereceiver for calculating a decoding key as a function of the first keyfor decoding the data received and for supplying the decoding key to thedecoder, the first and second processing means being included inrespective first and second portable electronic objects adapted to bedetachably coupled to the transmitter and to the receiver, respectively,and wherein said processing means each include first means for combiningthe first key and a first code to produce a first intermediate result,second means for combining modulo 2 the first intermediate result and asecond code to product a second intermediate result, and third means formultiplying the second intermediate result by the second code, modulo2^(n) -1, where n is an integer corresponding to a number of bits whichcomprise the second code.
 11. A system for transmission of confidentialdata between a transmitter and a receiver according to claim 10, whereina secret code is stored within the second code is each of said portableelectronic objects and the first and second processing means use thecode for calculating the coding key and the intrinsic decoding key,respectively, the secret code being unknown even to the bearers of saidobjects and protected against external readout.
 12. The system of Claim5, wherein said transmitter and receiver each include an addressgenerator for addressing identification codes stored in said storagedevice, the identification codes being related to messages a bearer ofthe portable electronic object is authorized to transmit or receive, andsaid identification codes comprising the second code.
 13. The method ofclaim 9, wherein the first code comprises an identification code relatedto the data to be transmitted, the identification code being stored insaid portable electronic objects.
 14. The system of claim 10, whereinthe first key is a random number, and said generating means generates anew random number for each message to be transmitted.